SSL certificate administration – HP Integrated Lights-Out 2 User Manual


SSL certificate administration

The iLO 2 firmware enables you to create a certificate signing request (CSR) with custom subject
information or default settings, import a certificate, and view certificate administration information
associated with a stored certificate. Certificate information is encoded in the certificate by the CA
and is extracted by iLO 2.

By default, iLO 2 creates a self-signed certificate for use in SSL connections. This certificate enables
iLO 2 to work without any additional configuration steps. The security features of the iLO 2 can
be enhanced by importing a trusted certificate. For more information on certificates and certificate
services, see “Introduction to certificate services” (page 132) and “Installing certificate services” (page 132).

To access certificate information, click Administration>Security>SSL Certificate. The SSL Certificate
tab displays the following information:

The Issued To field lists the entity to which the certificate was issued.

The Issued By field lists the CA that issued the certificate.

The Valid From field lists the first date that the certificate is valid.

The Valid Until field lists the date that the certificate will expire.

The Serial Number field lists the serial number assigned to the certificate by the CA.

The Domain Name button selects either the fully qualified domain name or the
short name as the CSR Common Name (CN).

The SSL Key Length button selects a 2048-bit or 1024-bit private key length for the CSR.

The Customized CSR radio button selects a CSR with custom or default subject fields.

The Country field sets the CSR subject country name.

The State or Province field sets the CSR subject state name.

The Organization Name field sets the CSR subject organization name.

The Organization Unit field sets the CSR subject organization unit name.

The City or Locality field sets the CSR subject city or locality name.

The Common Name field sets the CSR subject common name.

The following options are available on the SSL Certificate tab:

Apply button – When you click the Apply button, custom CSR data is validated and stored in
iLO 2. During the certificate generation request, the stored CSR settings are used by iLO 2.

Create Certificate Request – Use this button to create a certificate request. When you click
this button, a CR is created (in PKCS #10 format) that can be sent to a CA. This certificate
request is Base64-encoded. A CA processes this request and returns a response (X.509
certificate) that can be imported into iLO 2.

The CR contains a public/private key pair that validates communications between the client
browser and iLO 2. The generated CR is held in memory until a new CR is generated, iLO 2
is reset, or a certificate is imported by the generation process. You can generate the CR and
copy it to the client clipboard, leave the iLO 2 website to retrieve the certificate, and then
return to import the certificate.

When submitting the request to the CA, be sure to perform the following tasks:

1. Use the iLO 2 name as listed on the System Status screen as the URL for the server.

2. Request that the certificate is generated in the RAW format.

3. Include the Begin and End certificate lines.
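
Before the request is pasted into the CA's submission form, it can be checked against what was configured on the tab. The following Python code is an added example, not part of the HP manual or the iLO 2 firmware: it confirms that the Begin and End lines are present, decodes the Base64 PKCS #10 body, and reports the subject Common Name and RSA key length. It does not verify the request's signature; the host name and the sample request (placeholder key, filler signature) are constructed for illustration.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ((?:NEW )?CERTIFICATE REQUEST)-----(.+?)-----END \1-----", re.S)
OID_CN = bytes.fromhex("550403")  # 2.5.4.3 commonName

def read_tlv(buf, pos):  # decode one DER element, return (value, next_pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def children(value, pos=0):  # split a constructed element into its child values
    out = []
    while pos < len(value):
        val, pos = read_tlv(value, pos)
        out.append(val)
    return out

def inspect_csr(pem_text):
    """Return (common_name, rsa_key_bits) from a Base64 PKCS #10 request."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("Begin/End certificate request lines are missing")
    der = base64.b64decode("".join(m.group(2).split()), validate=True)
    info = children(children(der)[0])[0]  # CertificationRequestInfo
    _version, subject, spki = children(info)[:3]
    # Name is a SEQUENCE of SETs of (OID, value) pairs
    atvs = [children(atv) for rdn in children(subject) for atv in children(rdn)]
    cn = next((v.decode("utf-8", "replace") for o, v in atvs if o == OID_CN), None)
    key_bits = children(spki)[1]  # BIT STRING: unused-bits byte + RSAPublicKey
    modulus = children(children(key_bits[1:])[0])[0]
    return cn, int.from_bytes(modulus, "big").bit_length()

def tlv(tag, body):  # minimal DER encoder, used only to build the sample below
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size) + body

def sample_csr(cn, bits):  # CONSTRUCTED stand-in: placeholder key, filler signature
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, cn.encode()))))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    mod = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + tlv(0x30, tlv(0x02, mod) + tlv(0x02, b"\x01\x00\x01"))))
    der = tlv(0x30, tlv(0x30, tlv(0x02, b"\x00") + name + spki + tlv(0xA0, b"")) + alg + tlv(0x03, bytes(9)))
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{b64}-----END CERTIFICATE REQUEST-----\n"
```

Call `inspect_csr()` on the text copied from iLO 2 and compare the returned Common Name with the iLO 2 name on the System Status screen and the key length with the SSL Key Length setting.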

Every time you click Create Certificate Request, a new certificate request is generated, even
though the iLO 2 name is the same. Generally SSL key pairs are pre-generated. The CSR is
